18759 matches found
Xmind Security Vulnerability
Xmind is a mind mapping software developed by Xmind Corporation. There is a security vulnerability in Xmind, which stems from insufficient user interface warnings when processing attachments. This vulnerability could allow remote attackers to execute arbitrary code within the current user...
PT-2026-21297
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. openITCOCKPIT Community Edition 5.3.1 and earlier contains an unsafe PHP deserialization pattern in the processing of changelog entries. Serialized changelog data derived fro...
LangGraph.js Injection Vulnerability
LangGraph.js is an open-source large model orchestration framework developed by LangChain. Versions of LangGraph.js prior to 1.0.2 contained an injection vulnerability. This vulnerability stemmed from the lack of proper escaping of user input during filter processing, which could lead to query...
openITCOCKPIT Code Issue Vulnerability
openITCOCKPIT is an open-source system monitoring software. Versions of openITCOCKPIT 5.3.1 and earlier have code vulnerabilities. These vulnerabilities stem from unsafe PHP deserialization patterns when processing change log entries, which may lead to potential PHP object injection vulnerabiliti...
Exploit for Use After Free in Google Chrome
CVE-2026-2441-PoC CVE-2026-2441 PoC Chrome CSS Use-After-Free...
CVE-2026-26278 fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible ...
CVE-2026-26339
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality...
CVE-2026-26338
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery (SSRF) through the document processing functionality...
CVE-2026-26339 Hyland Alfresco Transformation Service Argument Injection RCE
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality...
CVE-2026-26338 Hyland Alfresco Transformation Service SSRF
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery (SSRF) through the document processing functionality...
CVE-2026-26338
The CVE-2026-26338 entry pertains to Hyland Alfresco Transformation Service. The connected documents confirm an unauthenticated server-side request forgery (SSRF) via the service’s document processing functionality. The root cause, affected component, and explicit exploit details are not enumerat...
SUSE CVE-2026-23220
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths. The problem occurs when a signed request fails smb2 signature verification check. In __process_request(), if check_sign_req() returns an error, set_smb2_rsp_status(work...
Hyland Alfresco Transformation Service Security Vulnerability
The Hyland Alfresco Transformation Service is a document conversion service component provided by the American company Hyland. The Hyland Alfresco Transformation Service has a security vulnerability, which stems from a server-side request forgery vulnerability present in its document processing...
PT-2026-20878
Name of the Vulnerable Software and Affected Versions: Hyland Alfresco Transformation Service (affected versions not specified). Description: The Hyland Alfresco Transformation Service contains a flaw that enables unauthenticated attackers to execute code remotely. This issue stems from an argument...
PT-2026-20877
Name of the Vulnerable Software and Affected Versions: Hyland Alfresco Transformation Service (affected versions not specified). Description: An unauthenticated attacker can perform server-side request forgery (SSRF) via the document processing functionality. SSRF occurs when an application makes reques...
Hyland Alfresco Transformation Service Security Vulnerability
The Hyland Alfresco Transformation Service is a document conversion service component provided by the American company Hyland. The Hyland Alfresco Transformation Service has a security vulnerability, which stems from parameter injection in the document processing function. This vulnerability may...
Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1434)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1434 advisory. If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. (CVE-2025-15468) A TLS 1.3...
Ubuntu 24.04 LTS : Linux kernel (Low Latency) vulnerabilities (USN-8052-1)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8052-1 advisory. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory...